General web and hosting related blog by Softaculous

Tag Archives: WordPress

Version 4.1 of WordPress, named “Dinah” in honor of jazz singer Dinah Washington, is now available for install and upgrade via Softaculous. New features in WordPress 4.1 help you focus on your writing, and the new default theme lets you show it off in style.

Try the new theme Twenty Fifteen

The newest default theme, Twenty Fifteen, is a blog-focused theme designed for clarity.

Sometimes, you just need to concentrate on putting your thoughts into words. Try turning on distraction-free writing mode. When you start typing, all the distractions will fade away, letting you focus solely on your writing. All your editing tools instantly return when you need them.

The Finer Points

Choose a language

Right now, WordPress 4.1 is already translated into over forty languages, with more always in progress. You can switch to any translation on the General Settings screen.

Log out everywhere

If you’ve ever worried you forgot to sign out from a shared computer, you can now go to your profile and log out everywhere.

Vine embeds

Embedding videos from Vine is as simple as pasting a URL onto its own line in a post. See the full list of supported embeds.

Plugin recommendations

The plugin installer suggests plugins for you to try. Recommendations are based on the plugins you and other users have installed.

Under the Hood

Complex Queries

Metadata, date, and term queries now support advanced conditional logic, like nested clauses and multiple operators — A AND ( B OR C ).

Customizer API

The customizer now supports conditionally showing panels and sections based on the page being previewed.

Version 4.0 of WordPress, named “Benny” in honor of jazz clarinetist and bandleader Benny Goodman, is available for download or update. This release brings you a smoother writing and management experience.

WordPress is already updated to 4.0 in Softaculous. You can install a new copy of WordPress 4.0 or update existing installation to the latest version via Softaculous to experience the new features included in 4.0

Manage your media with style
Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.

Working with embeds has never been easier
Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.

WordPress has expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.

Focus on your content
Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools available at all times.

Finding the right plugin
There are more than 30,000 free and open source plugins in the WordPress plugin directory. WordPress 4.0 makes it easier to find the right one for your needs, with new metrics, improved search, and a more visual browsing experience.

WordPress 3.8 is now available via Softaculous. Upgrade your existing installation to 3.8 with one click or install a fresh new blog.

WordPress has gotten a facelift. 3.8 brings a fresh new look to the entire admin dashboard. Gone are overbearing gradients and dozens of shades of grey — bring on a bigger, bolder, more colorful design!

Modern aesthetic

The new WordPress dashboard has a fresh, uncluttered design that embraces clarity and simplicity.

Clean typography

The Open Sans typeface provides simple, friendly text that is optimized for both desktop and mobile viewing. It’s even open source, just like WordPress.

Refined contrast

Beautiful design should never sacrifice legibility. With superior contrast and large, comfortable type, the new design is easy to read and a pleasure to navigate.

WordPress on every device

We all access the internet in different ways. Smartphone, tablet, notebook, desktop — no matter what you use, WordPress will adapt and you’ll feel right at home.

High definition at high speed

WordPress is sharper than ever with new vector-based icons that scale to your screen. By ditching pixels, pages load significantly faster, too.

Admin color schemes to match your personality

WordPress just got a colorful new update. WordPress 3.8 includes eight new admin color schemes so you can pick the one that suits you best.

Color schemes can be previewed and changed from your Profile page.

Refined theme management

The new themes screen lets you survey your themes at a glance. Or want more information? Click to discover more. Then sit back and use your keyboard’s navigation arrows to flip through every theme you’ve got.

Smoother widget experience

Drag-drag-drag. Scroll-scroll-scroll. Widget management can be complicated. With the new design, WordPress team has worked to streamline the widgets screen.

Have a large monitor? Multiple widget areas stack side-by-side to use the available space. Using a tablet? Just tap a widget to add it.

Twenty Fourteen, a sleek new magazine theme

Turn your blog into a magazine

Create a beautiful magazine-style site with WordPress and Twenty Fourteen. Choose a grid or a slider to display featured content on your homepage. Customize your site with three widget areas or change your layout with two page templates.

With a striking design that does not compromise our WordPress’ simplicity, Twenty Fourteen is the most intrepid default theme yet.

The WordPress security team resolved three security issues, and this release also contains some additional security hardening.

The security fixes include :

Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.

Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.

Fix insufficient input validation that could result in redirecting or leading a user to another website.

The additional security hardening include:

Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

If you run a high traffic WordPress installation you will want to optimize WordPress and your server to run as efficiently as possible. This article gives a general overview of the avenues to pursue. It’s not a detailed technical explanation of each aspect.

The optimization techniques available to you will depend on your hosting setup. This article is divided into categories according to hosting type.

1) Shared Hosting :

This is the most common type of hosting. Your site will be hosted on a server along with many others. The hosting company manages the web server for you, so you have very little control over server settings and so on. The areas most relevant to this type of hosting are :

Caching : WordPress caching is the fastest way to improve performance. Plugins like W3 Total Cache or WP Super Cache can be easily installed and will cache your WordPress posts and pages as static files. These static files are then served to users, reducing the processing load on the server. This can improve performance several hundred times over for fairly static pages.

WordPress Performance : The first and easiest way to improve WordPress performance is plugins. Deactivate and delete any unnecessary plugins. Try selectively disabling plugins to measure server performance. Is one of your plugins significantly affecting your site’s performance?
Then you can look at optimizing plugins. Are plugins coded inefficiently? Do they repeat unnecessary database queries? WordPress has its own caching system, so generally speaking, using functions like get_option(), update_option() and so on will be faster than writing SQL.

2) Virtual / Dedicated Server :

In this hosting scenario you have control over your own server. The server might be a dedicated piece of hardware or one of many virtual servers sharing the same physical hardware. The key thing is, you have control over the server settings. In addition to the areas above Caching and WordPress performance, you can follow the below techniques to optimize your server :

Server Optimization :

DNS: If you host your DNS on external servers this will reduce the load on your primary web server. It’s a simple change, but it will offload some traffic and cpu load.

Web Server: Your web server can be configured to increase performance. There are a range of techniques from web server caching to setting cache headers to reduce load per visitor. Search for your specific web server optimizations (for example, search for “apache optimization” for more info).

PHP: There are various PHP accelerators available which can dramatically improve performance of your PHP files. This will apply to all PHP files, not just your WordPress installation. Search for PHP optimization for more information, f.e. APC.

MySQL: MySQL optimization is a black art in itself. A few simple changes to the query cache settings can have a dramatic effect on WordPress performance because WordPress repeats a lot of queries on every request. Search for mysql optimization for more.

Offloading :

Static Content : Any static files can be offloaded to another server. For example, any static images, JavaScript or CSS files can be moved to a different server. This is a common technique in very high performance systems (Google, Flickr, YouTube, etc) but can also be helpful for smaller sites where a single server is struggling. Also, moving this content onto different hostnames can lay the groundwork for multiple servers in the future.Some web servers are optimized to serve static files and can do so far more efficiently than more complex web servers like Apache, for example publicfile or lighttpd.

Multiple Hostnames : There can also be user improvements by splitting static files between multiple hostnames. Most browser will only make 2 simultaneous requests to a server, so if you page requires 16 files they will be requested 2 at a time. If you spread that between 4 host names they will be requested 8 at a time. This can reduce page loading times for the user, but it can increase server load by creating more simultaneous requests. Also, known is “pipelining” can often saturate the visitor’s internet connection if overused.

Offloading images is the easiest and simplest place to start. All images files could be evenly split between three hostnames (assets1.yoursite.com, assets2.yoursite.com, assets3.yoursite.com for example). As traffic grows, these hostnames could be moved to your own server. Note: Avoid picking a hostname at random as this will affect browser caching and result in more traffic and may also create excessive DNS lookups which do carry a performance penalty.

Likewise any static JavaScript and CSS files can be offloaded to separate hostnames or servers.

Currently a large distributed brute force attack against WordPress sites has been occurring. A large botnet with more than 90,000 servers is attempting to get into the WordPress admin dashboard by cycling through different usernames and passwords. The attack is widespread and very vigorous. This attack seems to be so powerful that it is affecting almost every major web hosting company around the world.

Similar large-scale attack had occurred in October of 2012 when WordPress.com disclosed that some 50,000 sites were compromised.

What should we do ?

1. The FIRST step is to login to your WordPress and change your password to something very secure. Here is a guide on selecting a strong password.

2. Install the Limit Login Attempts plugin. This will prevent from the attackers to login after certain attempts even if they manage to determine the combination of your login details.

3. Allow access to wp-login.php only to specific range of IP using .htaccess

WordPress is one of the most popular blog today. As it is the most popular application there are numerous hackers who are honing their skills to make it to the big leagues.

WordPress is pretty secure and they provide frequent updates but we can make the installation more secure by following some simple steps :

1. The most easiest way is to be updated with WordPress

WordPress provides security updates immediately if a loop hole is detected, so being updated with WordPress will help you to be more secure. It hardly takes a minute to update WordPress with Softaculous.

2. Generic admin username

Most users make a mistake by continuing with the default username for the administrator account ie is admin. Its a common username and every hacker would know that. Choose a username other than admin you can use your name i.e. john as your username. You can choose the username on the install form.

3. Choose a Strong Password

Using a simple password is a bad idea. Use a password that is more secure to let the hackers stay away from you. Use a combination of alphabets, numbers and special characters.

4. Secure permissions to the config file

The wp-config.php file contains all the configuration and settings of WordPress, exposing this file to hackers is a very big threat to your blog they could easily inject malware into your blog or delete the content on your blog. The solution for this is to revoke the permission to the config file. The WordPress config file is wp-config.php which located in the root directory of your installation. Change the permission to something safe like 0600 if suPHP is enabled on your server. You can ask your host to confirm which permission is suitable on your server.

5. Backup regularly

Backing up your installation is very important because if your installation is hacked you can restore your installation from the backup. You should always take a back up of your database and files, it is recommended to take a weekly backup of your data there are several plugins that will do it for you or you can use Softaculous to backup and restore your installation.

6. Plugins

Make a point to update the plugins when there is an update available. It is always a good idea to be updated. Also, if you are not using a specific plugin, delete it.